<?php

return [
  /*
  |--------------------------------------------------------------------------
  | Cross-Origin Resource Sharing (CORS) Configuration
  |--------------------------------------------------------------------------
  |
  | Here you may configure your settings for cross-origin resource sharing
  | or "CORS". This determines what cross-origin operations may execute
  | in web browsers. You are free to adjust these settings as needed.
  |
  | To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
  |
  */

  /*
   * You can enable CORS for 1 or multiple paths.
   * Example: ['api/*']
   */
  'paths' => ['/api/client', '/api/application', '/api/client/*', '/api/application/*'],

  /*
   * Matches the request method. `['*']` allows all methods.
   */
  'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD'],

  /*
   * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
   */
  'allowed_origins' => explode(',', env('APP_CORS_ALLOWED_ORIGINS') ?? ''),

  /*
   * Patterns that can be used with `preg_match` to match the origin.
   */
  'allowed_origins_patterns' => [],

  /*
   * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
   */
  'allowed_headers' => ['*'],

  /*
   * Sets the Access-Control-Expose-Headers response header with these headers.
   */
  'exposed_headers' => [],

  /*
   * Sets the Access-Control-Max-Age response header when > 0.
   */
  'max_age' => 0,

  /*
   * Sets the Access-Control-Allow-Credentials header.
   */
  'supports_credentials' => true,
];
